The report says that Amazon.com's AWS would likely build a private cloud for the CIA, running on the government's iron behind a firewall. This flies against AWS's near-religious belief that public cloud is the way to go and its statements that a movement into the private cloud space is unlikely. "AWS has virtual private clouds (VPC), which are infrastructure-as-a-service (IaaS) resources dedicated to specific customers, but it does not have a product for customers to deploy AWS-like clouds on customers own infrastructure," the report says.

Why has AWS agreed to build a private AWS for the CIA? I suspect the money was too good to pass up, not to mention the bragging rights that come with being the CIA's cloud solution. The CIA could have gone for the AWS API-compatible Eucalyptus private cloud or one of the dozens of OpenStack private cloud providers. However, the cred that AWS carries combined with the CIA opportunity no doubt was enough to convince AWS to compromise its party line.

The problem with this sort of approach from public cloud providers is that it moves their business from services to software. Their technology is not designed as software, so a great deal of effort will be needed to make that change work.

Moreover, support will be a challenge: How will AWS distribute new services, patches, and updates? Maybe there will be a separate code tree. It'll get complicated -- quickly. I should know: I've been there and have the T-shirt.